According to test results of UIDAI’s biometrics-based Aadhaar project, there could be up to 15,000 false positives for every Indian resident. Moreover, this figure is just for identification and not for verification

The Indian government and its de-facto tagging institution, the Unique Identification Authority of India (UIDAI), have not only ignored privacy concerns but also ignored sample test results of its pilot project. Both the government and UIDAI have been in such a hurry that they have neglected the basic principle of pilot testing and size of sample. For over 1.2 billion UID numbers, they have used data from just 20,000 people, in pairs, as the sample and have on the basis of the results gone ahead with the UID number through the 'Aadhaar' project.

UIDAI conducted a proof of the concept trial of the Aadhaar project between March and June 2010. In the results, it said, "The matching analysis was done on two sets of 20,000 biometrics, for a total of 40,000. However, the number of comparisons was several orders of magnitude more than 40,000, since each set of fingerprints would be matched against every other set of fingerprints in the data set".

On the false positive identification rate (FPIR), the authority said, "We will look at the point where the FPIR (i.e. the possibility that a person is mistaken to be a different person) is 0.0025%". This means, for every 1 lakh comparisons, there would be two and a half false positives. On a large scale, it means for a population of over 120 crore, there would be 18 lakh crore false positives, or, for every single Indian resident there would be 15,000 false positives! (Click to see the calculations)

David Moss, who spent eight years campaigning against the UK's National ID (NID) card scheme, has questioned the logic of the UIDAI and the government to depending on biometrics to produce the UID number. In a report titled, "India's ID card scheme-drowning in a sea of false positives", Mr Moss said, "those (the FPIR) conclusions do not follow from the evidence reported. Nothing in UIDAI's surprisingly low quality report suggests that it would be feasible to prove that each electronic identity on the Central ID Repository (CIDR) is unique. Not with a billion plus people on the database. Far from it, India can be confident, from the figures quoted in UIDAI's proof of concept trial report, that de-duplication could never be achieved."

Speaking about the UK's NID scheme, Mr Moss said, "There were many problems with the UK scheme. Not just biometrics. But biometrics is the easiest problem to understand and to discuss objectively and on which to reach an agreed decision, as it's quantifiable, there are no difficult value judgements to make and it's just technology. But it's not a very good technology, for, whenever there is a large-scale field trial, mass consumer biometrics prove to be too unreliable for the ID card schemes that depend on them, as opposed to the mere computer modelling exercises favoured by the US National Institute of Standards and Technology (NIST)."

In addition, there are issues like the reliability of biometric identification for a large population like in India. For the record, no one has ever issued IDs to such a huge population anywhere in the world. And whoever has tried to issue biometrics-based Ids, even for a small size, had to abandon or discard the idea altogether. Like the UK government abolished its NID scheme citing higher costs, impracticality and ungovernable breaches of privacy as reasons for cancelling the NID project.

The UK government spent around £250 million on developing the national ID programme over eight years. However, its abolition means that the government will avoid spending another £800 million over a decade. The NID was launched in July 2002 and as of February 2010, its total costs rose to an estimated £4.5 billion.

For the biometrics-based ID cards, there was one study done at Seoul in Korea. The study was done for ID cards issued for driver licences. It was designed in such a way that by swiping fingers, the drivers were able to access services like paying parking charges and redeeming a ticket. However, after one year, it was found that 5% to 13% users could not use the system. The tests were conducted with four different manufacturers, with drivers being white collar workers and housewives in acceptable quality criteria. In the end the study recommended frequent re-enrolment of users.

According to JT D'Souza, who analysed the pilot study conducted by the UIDAI, given the well-known lacunae in our infrastructure and massive demographics, biometrics as an ID will be a guaranteed failure and result in denial of service. He said, "The sum of false acceptance rate and false rejection rate (EER) reveals only part of the problem, which is rejection or acceptance within a short duration of enrolment. The bigger problem is ageing, including health and environment factors, which causes sufficient change to make biometrics completely unusable and requires very frequent re-enrolment."

The International Biometric Group (IBG) testing also shows that performance can vary drastically within technologies-some fingerprint solutions, for example, had next to no errors during testing, while others rejected nearly 1/3rd of enrolled users. "Most interestingly, the testing shows that over time, many biometric systems are prone to incorrectly rejecting a substantial percentage of users. Verifying a user immediately after enrolment is not highly challenging to biometric systems. However, after six weeks, testing shows that some systems' error rates increase ten-fold," according to the research, consulting and integration firm, which works closely with the biometric industry. The report is titled "Real-World Performance Testing".

Despite all the issues, the UIDAI and the Indian government are pressing hard to implement the UID number scheme across the country. While maintaining that the UID number is not compulsory, both of them are making efforts to make it mandatory using backdoor methods. Nobody is even ready to pause and think about the possible consequences of the failure to identify some poor person from a remote place. It may be a technical glitch for the authorities, but could be a question of life and death for the 'aam admi', who would be denied food and other benefits due to the failure.

"By the time the stillborn (NID) scheme was finally cancelled, the UK's Home Office had lost all credibility, it was totally demoralised and it is now excluded from discussions of the new, and still unspecified, Digital Delivery Identity Assurance project. Having given their unsolicited testimonials to the biometrics industry and its unreliable products, UIDAI will be left to clean up the expensive mess left in India as best they can when 'Aadhaar' is cancelled, while the biometrics industry road-show moves on to the next country and repeats the trick," Mr Moss concluded.

User

Alert me when a new comment is posted

COMMENTS

Ram Das

3 years ago

This article seemed to rehash claims made by Mr. Moss in 2010. Sadly, calculations done by Mr. Moss were simply wrong. The errors were pointed out by Murali when the original article came out. Money life, please consult any reputable mathematician and you will find that Mr. Moss's math is humbung. Reference: http://www.planetbiometrics.com/article-.... Go to the bottom to read where Mr. Moss has goofed up in his calculations.

It is time to stop shouting "earth is in the center because I saw sun rise to the east".

Murali Chirala's is a substantial response. I have today tried twice to post my initial answer on Planet Biometrics but there seems to be a problem with the website.

... and also here on moneylife.in. Just to keep things up to date, here it is, the first of many responses to Murali Chirala:

1 According to Murali Chirala, “Mr. David Moss makes two fundamental errors in ...” and “Mr. Moss confuses FPIR ... with FMR ...” and “Mr. Moss has misinterpreted FPIR and FNIR for FMR and FNMR ...” and there is “... a massive discrepancy in Mr. Moss’ calculations” and “Mr. Moss incorrectly assumes that ...”

2 He’s pretty stupid, this man Moss.

3 We can safely ignore him, he’s irrelevant.

4 Even so, the question remains, for an intelligent third party, are all the records on the Central ID Repository (CIDR) being built by UIDAI biometrically unique? Are they? Or aren’t they? Yes? Or no?

5 Let’s call this intelligent third party “Churali Mirala”, or “CM” for short. CM wants to understand exactly what Murali Chirala is saying, because this question of uniqueness is important. After all, if the Unique Identification Authority of India isn’t offering unique identification, what is it offering?

6 CM takes a good look at Murali Chirala’s second paragraph, where there is talk of “two different galleries”, each with 20,000 records.

7 A gallery here, CM assumes, is a mini CIDR, a set or database of biometric records.

8 What is in the records, CM asks? In UIDAI’s proof of concept trial, each record identified one Indian using 12 items, viz. ten fingerprints and two irisprints. Since that is what we are talking about, UIDAI’s proof of concept trial report, CM assumes that by a “record”, Murali Chirala means 12 fields/columns containing ten fingerprints and two irisprints.

9 Murali Chirala talks of “40,000 searches” on each gallery. Why 40,000? Murali Chirala has a rather elliptical way of writing. We have to “unpack” his words, so to speak. Where did 40,000 come from? CM makes a guess. He assumes that the ten fingerprints are treated as one search term/probe and the two irisprints are treated as a second probe. (CM has been doing some background reading and understands that when you do a matching exercise in the academic field of biometrics you “probe” the “gallery”, which is also sometimes called the “background”.) Good. So that makes two searches for each Indian in the gallery. 40,000 searches in all. CM would like Murali Chirala to confirm that this guess is correct. He doesn’t want to be thought to be as stupid as David Moss. But if the guess isn’t correct, then CM can’t understand what the elliptical Murali Chirala is talking about with his 40,000 searches.

10 And what are these searches, CM asks? There’s not much point searching a gallery against itself, CM thinks, because then the false negative identification rate would have to be zero. And it isn’t. Then CM remembers that the participants in the proof of concept trial had to make two visits to be registered. CM assumes that the gallery was built from the biometrics registered at the first visit and that it is the biometrics registered at the second visit which are being used as the probes. Again, CM would like Murali Chirala to confirm that this guess is correct. He still doesn’t want to be thought to be as stupid as David Moss. But if the guess isn’t correct, then CM still can’t understand what the elliptical Murali Chirala is talking about with his 40,000 searches.

11 Obviously Murali Chirala’s answers would be wasted on David Moss. No question. But Murali Chirala still nevertheless owes answers to any intelligent third party who is interested to know whether records on the CIDR are unique.

12 More questions for Murali Chirala. 60,000 participants attended the second registration session. And yet the gallery comprises only 20,000 Indians. Why, CM wants to know, why doesn’t the gallery have 60,000 people in it? How were the 20,000 chosen? What was wrong with the other 40,000?

13 Also, Murali Chirala, please confirm CM’s assumption that the 20,000 probes chosen from the second registration session used to match against the gallery created from the first registration session were chosen because UIDAI thought they were the same 20,000 people, they’re not 20,000 probes chosen at random, say, from the 60,000 available.

14 We’re still in the second paragraph of Murali Chirala’s post. And there’s another question which requires his attention. He really is the most elliptical of writers.

15 There are two galleries. One of them is “seeded” and the other one isn’t. What is the difference? It seems from what Murali Chirala says that the seeded gallery is required to calculate the false negative identification rate, you can’t do that with an unseeded gallery. CM makes a guess. If Murali Chirala, say, is not matched and the operation returns a negative, the only way UIDAI can know that that is a false negative is if they know in advance that Murali Chirala is in the gallery. So seeding the gallery must involve checking it first, before matching operations begin, to see who’s in it. Perhaps Murali Chirala could confirm.

16 There is an equivalent problem with false positives. Suppose UIDAI probe the unseeded gallery with Murali Chirala’s biometrics and get three matches. Perhaps Murali Chirala is registered on the CIDR three times. They could be legitimate matches. How do UIDAI know that at least two of the positives are false? Only if they already know that all the records in the gallery are unique.

17 But hang on a minute. Isn’t that where we started? That’s exactly what we need to know. Is each record on the CIDR unique? The answer from Murali Chirala so far is that, yes, each record is unique if each record is unique. It seems that whatever Murali Chirala is talking about, the correct way to measure false positive and negative identification rates, it doesn’t help us to establish whether these blessed records are or are not unique.

18 We need answers to these questions raised by Murali Chirala’s second paragraph before we can move on to his third paragraph, which we look forward to doing, soon.

19 Your comments would be appreciated Murali Chirala. It took you 37 days, from 16 February to 25 March to respond last time. That’s fine as long as we’re only dealing with the halfwit David Moss. But an intelligent third party, perhaps an Indian taxpayer wondering if his or her tax money is being wasted, will look forward to an answer from you, Murali Chirala, much more quickly than that, please.

interested observer

In Reply to David Moss5 years ago

dear mr moss,

i was trying to decipher mr muralis explanation and as far as i understand what he finally says is that the number of false positives and false negatives on attempting to confirm the uniqueness of each id being issued can be kept within manageable limits by lowering the tolerances with which they are compared. As the sample size goes up, u look at each id less carefully so that u don't get too many false positive matches from the ids already in the database!!! I hope i am just misunderstanding him.Please tell me if i am missing something here.I can just imagine the chaos when 'mr.common man from the poor and marginalised parts of society' turns up with his uid card and the machine tells him he is not himself. And all these are problems inherent in the system, not to think of the deliberate misdeeds possible..

David Moss

In Reply to David Moss6 years ago

20 Let’s say that CM, the intelligent third party, while waiting for Murali Chirala’s response, reads ahead and finds this: “Mr. Moss incorrectly assumes that the decision threshold on the 1-to-1 comparison score is kept constant independently of the gallery size. In fact this threshold is adjusted in the real operational system to keep FPIR constant independently of the gallery size G. This fact alone removes the possibility of the sea of false positives”.

21 Is Murali Chirala right when he says that the possibility of a sea of false positives has been removed?

22 Probably.

23 After all, this sea of false positives argument is devised by David Moss, already acknowledged as the biometrics village idiot.

24 Or is it? CM checks and, lo, he finds this*, talking about the UK ID card scheme: “academic John Daugman, a former member of the Biometrics Assurance Group (BAG) which reviewed the scheme, says its reliance on fingerprints and facial photos to verify a person's identity will cause the system to collapse under the weight of mismatched identifications”. And this: “Daugman, an expert on iris recognition, says fingerprints and facial photos are not distinctive enough to be able to tell the UK's 45-million-strong adult population apart”. And this: “Daugman said that even if the error rate was as low as one in a million, the 10 to the power of 15 comparisons needed to verify the IDs of 45 million people would result in one billion false matches”. And this: “He told silicon.com: ‘The use of fingerprints will cause deduplication to drown in false matches’ ...”.

25 And who, pray, is John Daugman?

26 Only the king of biometrics based on the iris, the inventor and patentholder of the iris-matching algorithm and a professor at the Cambridge Computer Lab, that’s who**. Search for “john daugman” “biometrics” and Google gets you 7,930 hits.

27 Professor Daugman is not going to be stupid. Not like David Moss. Clearly Murali Chirala disagrees with him. But then, if you search for “Murali Chirala” “biometrics”, Google gets you one hit.

28 It’s hardly a slam dunk argument, you can’t resolve biometrics problems by Google hits, but CM thinks he’s got to make up his own mind about the sea of false positives and not just take Murali Chirala’s word for it that there is not even possibly a drowning problem. Once again, he hopes that Murali Chirala will soon answer.

David Moss

In Reply to David Moss6 years ago

The link to the silicon.com article at para.24 above about Professor Daugman wasn't parsed properly by the moneylife.in editor. Let's try this alternative and this one instead. It's an important article and well worth reading. And it's only short.

David Moss

In Reply to David Moss6 years ago

29 Considering paragraphs 20 to 28 above, CM, the intelligent Indian taxpayer investigating whether UIDAI is wasting public money, wonders why, if there is a sea of false positives, no explorer has discovered it and charted it.

30 One potential answer, considering paragraphs 1 to 19 above, is that no explorer has looked for it. If the sea of false positives is there, it would be revealed the minute anyone tried to prove that all records on the CIDR are biometrically unique. But they don’t try to prove that. Instead, if Murali Chirala is right, they try to calculate the false positive and negative identification rates. And that is a different job.

31 You’d think that CM would now test the truth of this hypothesis.

32 But no, you would be wrong.

33 CM’s eye has been caught by something else. Something else explosive. What looks like a fundamental error in Murali Chirala’s argument. An error that would bring down the whole house of cards. At least it would if UIDAI have made the same error. A hole at the heart of UIDAI’s case. A problem so glaring that it has even occurred to the troglodytic David Moss (in his own dim and benighted way, at least).

34 Every other reader of paragraph 20 above will also have spotted it. It’s a hand grenade with the pin removed. It’s a time-bomb, ticking down fast to zero.

35 Let’s take this slowly, just to check our logic as we go.

36 We’re going to look at matching, comparing someone’s biometrics against the template stored on the CIDR, we’re going to look at the “decision threshold” and the “comparison score” mentioned by Murali Chirala. About time too! That’s what biometrics is all about -- comparing/matching and verifying that Murali Chirala is Murali Chirala. How come it’s taken until paragraph 36 to get onto the subject? Never mind, here we are at last.

37 What we will find is that Murali Chirala is nearly right when he says “... this fact alone removes the possibility of the sea of false positives”. To be quite correct, Murali Chirala should have said “... this fact alone removes the possibility of FINDING the sea of false positives”.

38 We will find that UIDAI and NIST (see below) and others are using a peculiar concept of identity nothing like what normal people understand by the word and muddying the waters by confusing the two usages.

39 And, finally, we will discover that when it comes to biometrics NIST (see below) are arguably a busted flush and so is any organisation like UIDAI that follows NIST’s prescriptions.

42 Murali Chirala has great confidence in NIST. He says: “... while the [UIDAI proof of concept trial] does not provide sufficient number of identification searches to estimate [FPIR] and FNIR in a gallery of size of 1.2B directly, and extrapolating too far out has its own dangers in terms of statistical significance, methodology is available to extrapolate the [UIDAI proof of concept trial] results using trends established earlier in other large well established biometric performance evaluations performed by NIST and other agencies”.

44 That confidence is misplaced.

Ram Das

David Moss

In Reply to Ram Das6 years ago

Good question.
The first version of my sea-of-false-positives argument was posted on the Planet Biometrics website, a sort of biometrics fanzine, please see http://www.planetbiometrics.com/article-...
That was on 16 February, about six weeks ago.
I was told a week later, 23 February, to expect a response from UIDAI.
A month later, on 25 March, I was told that the response I was expecting had now been posted on Planet Biometrics.
I agree that there is nothing to associate Murali Chirala with UIDAI anywhere on the web.
All I am going on is what I was told, by someone who ought to know.

There is homework to be done, getting to grips with this substantial response of UIDAI's.

More, next week ...

David Moss

6 years ago

Vivek Gupta 5 hours agoThis is what i call discussion without facts or rather distortion of facts. In any matching algorithm there are multiple inputs applied and not just one. Thus likelihood of falsepositive rate can be significantly eliminated by taking a segmented algorithm approach. I have personally worked on many such algorithms for credit bureaus so understand them well. This false positive rate has no relevance without understanding the full algorithm.

Moneylife is only publishing negative comments and distorting facts. Why? Are you afraid that corruption can be stopped using UIDAI and some people are propping you?

“In any matching algorithm there are multiple inputs applied and not just one”, says VivekGupta, very confidently, based on his experience of credit rating bureaux.
UIDAI is not a credit rating bureau, and they say “biometrics features are selected to be the primary mechanism for ensuring uniqueness” and their mission is “to design biometrics system that enables India to achieve uniqueness in the national registry” and “while certain demographical information is also provided, UIDAI provides no assurance of its accuracy ... demographic information shall not be used for filtering during the de-duplication process”.
There we have a nice example of the problem of induction. VivekGupta assumed that all organisations apply multiple inputs in their matching algorithms, his hypothesis was tested, and UIDAI prove it to be wrong. UIDAI are relying on biometrics only.
There is nothing wrong with moneylife.in publishing VivekGupta’s comments. He’s wrong. But that is not a reason to suppress his comments or to assume that some corrupt person is paying him to distort the facts. Rather, moneylife.in should be praised for hosting an open debate.
Which takes us back to JOABNarayan’s comment three days ago, “I wonder whats the reaction of UID authorities to David Moss' point?” -- UIDAI are strangely silent, aren’t they?

Vivek Gupta

6 years ago

This is what i call discussion without facts or rather distortion of facts. In any matching algorithm there are multiple inputs applied and not just one. Thus likelihood of falsepositive rate can be significantly eliminated by taking a segmented algorithm approach. I have personally worked on many such algorithms for credit bureaus so understand them well. This false positive rate has no relevance without understanding the full algorithm.

Moneylife is only publishing negative comments and distorting facts. Why? Are you afraid that corruption can be stopped using UIDAI and some people are propping you?

The article includes George Tenet. Again.

And it includes this:

"For eight years, government officials turned to Dennis Montgomery, a California computer programmer, for eye-popping technology that he said could catch terrorists. Now, federal officials want nothing to do with him and are going to extraordinary lengths to ensure that his dealings with Washington stay secret ...
"In interviews, several employees claimed that Mr. Montgomery had manipulated tests in demonstrations with military officials to make it appear that his video recognition software had worked, according to government memorandums ..."

It's extraordinary how government agencies get sucked in.
13 years ago, the police in the London Borough of Newham, helped a company called Visionics to promote the notion that their biometrics software had helped to drive crime off the streets of Newham.
Then in June 2002, as reported by New Scientist magazine, "the police admitted to The Guardian newspaper that the Newham system had never even matched the face of a person on the street to a photo in its database of known offenders, let alone led to an arrest", http://dematerialisedid.com/Evidence/Bio....
Let's hope the same thing isn't happening to UIDAI.

And it's extraordinary how resilient these companies and their directors are.
The Chairman and CEO of Visionics back then was Dr. Joseph J. Atick. Visionics was swallowed by Identix which, together with many other companies, became L-1 Identity Solutions, http://dematerialisedid.com/BCSL/Genealo....
The Executive Vice President and Chief Strategic Officer of L-1 Identity Solutions is, of course, Dr. Joseph J. Atick.
The embarrassment of luring the police into a deception and the embarrassment of the failure of Visionics and identix in the 2004 UK Passport Service biometrics enrolment trial (as reported by Atos Origin, http://dematerialisedid.com/Evidence/Bio...) just seem to bounce off him.
I sometimes wonder if there is some pathological compulsion to believe that mass consumer biometrics work even when the evidence is there in front of everyone's eyes that they don't.

Let's hope that UIDAI, the Indian government and India itself are less gullible.

Ignorant Indian

6 years ago

Hi David,

The whole basis of your article is one number 0.0025%. This is the FPIR rate used by the report prepares to measure FNIR accuracy.

The report **NEVER SAID THAT THAT WILL BE USED FOR DE-DUPLICATION ***. I am highlighting this because that way it could stick to your filthy brain. They could have simply listed to indicate that biometrics are capable of achieving near zero FNIR. what if the actual FPIR is different from that?

I have heard about environmentalists that manipulate global warming numbers to push their agenda. But what you are doing is even worse. What if UIDAI had accepted a different FPIR rate in their logic? You just assumed the indicated number, because that is convenient for your propaganda.

I would have appreciated if you have really made some constructive suggestions, rather than using UIDAI project for your sick propaganda.

And the about dematerialized id, can you explain how that will work in India, say for a PDS system?

shyam sunder

In Reply to Ignorant Indian6 years ago

Hey this guy ignorant Indian clearly has an agenda. He is either the biggest beneficiary of UID contracts or is part of the UID himself.

I don't know why the UIDAI cannot come out openly and engage with this website and the articles on UID. As far as I know, they are the only ones attempting to show the otherside of the UID story as well as global experience.
The very fact that many informed voices are participating in the debate here, requires a truly confident and nationalistic UID to write openly and engage with people. This stealth bombing through dubious aliases only raises doubts about their intentions and integrity.

shyam sundar

Ignorant Indian

In Reply to shyam sunder6 years ago

Hey Shyam Sundar, i think you are right on your guess about me. I have UIDAI enrollment contracts for all states in binami names and i am making a profit of 500 rupees for every binami enrollment. Also the company i own has exclusive rights for all other contracts of UIDAI.

I hope that makes you to feel better about your self.

Ok, just to bring you to reality, I am not any type of beneficiary. I am not even related to identity business. I am just a average Indian, who is normally ignorant about other things, but i had always thought why India did not have a infrastructure like a basic identity scheme. This scheme I thought is a good one that will make life easier for certain sections of rural people.

What I can not tolerate is some privacy maniacs getting all stupid people from the world filled with hatred on biometrics and who are basically against a state run identity scheme pushing articles that I clearly see did not base on right numbers or analysis.

All I have been trying past 2 days was forcing the author of this article to give factual numbers and asking them not make stupid assumptions before writing a book on consequences of it.

When the facts are presented right and if they correlate to reality on their impact and if there is a way the author can explain how the 'false positives' are going to derail the scheme, then I am going to believe it.

Until that time, it is a load of bull shit, coated with impressive math.

Ignor Indians

In Reply to Ignorant Indian6 years ago

It is obvious from your name that you are ignorant and st***d as well. Do you know the basic promise the UID is being pushed so hard? As the UIDAI says the UID number is meant for those poor people who do not have any kind of identification and hence remain outside of the beneficial schemes run by the government.
My simple question to you and all those who want to push through one more ID, is "If at all the UID number is meant to creat an ID for those who do not have one, then why the poor fellow is supposed to bring along photo ID and residence proof for enroling?"
Any answers or you are ignorant about this as well? Wake up dear, before this thing of giving useless ID numbers will turn out to be bigger fraud than the 2G, CWG scams.

Mark Lerner

6 years ago

David,

Your analysis is correct. In 2003 IBG provided AAMVA (American Association of Motor Vehicle Administrators) with a report that addressed the issue of "scalability". IBG's report was very insightful; biometrics do not work when there is a large subject pool.

There is one factor that you did not specifically address at length. Yes, biometric vendors do hype their products and the capability of their products. When biometrics is used we are asked to trust the technology, the vendor and the end user/government.

I spent two plus years as a confidant of some of the most senior people in the biometrics industry. One of the people included Denis Berube who was the Chairman of the Board of Viisage Technology.

In 2005 I provided the U.S. government what attorneys called a "massive" amount of evidence of wrongdoing. The evidence I provided was provided to me by senior people at Viisage and other companies. Viisage morphed into L-1 when Mr. LaPenta and two of his associates purchased the company and changed the name to L-1. (while the government investigation was taking place).

I had a conversation with Mr. LaPenta about the evidence I provided the government. Mr. LaPenta did not care about the evidence of rigged testing. bogus testing, exaggeration of results, information about contracts and other matters being provided select wealthy investors versus all investors or other wrongdoing that was taking place.

The evidence that I provided the U.S. government resulted in nearly a two year investigation. The results were never made public; not surprising since the investigation was never made public. Congress was not aware an investigation even took place.

I have spent the last four years plus years leading the fight in the United States against the Real ID Act 2005 (biometric enrollment for all U.S. citizens). The organization I founded, the Constitutional Alliance works with those on the "left" and "right" against mandatory biometrics enrollment. http://www.constitutionalalliance.org

Governments have a large financial stake in biometrics. Those in government "want to believe the technology will work as advertised". When I asked those in the biometrics industry why they did not speak up prior to providing me with evidence they said "they believed the technology would work one day."

Those in government thought the technology would work because that is what vendors told them. That does not let those in government off the hook. Many of these people left government after being directly involved in vendors (Viisage/L-1) receiving large contracts and then going on the payroll of Viisage/L-1 after they left government service.

Biometrics do not provide identification. It is the breeder documents that provide identification. In fact, biometrics can validate a fraud. Here in the U.S. many people have submitted fraudulent breeder documents and all the biometrics did is validate the fraud taking place.

I would also humbly suggest that you look at the progress being made reverse engineering biometric templates. This eventuality will cause harm that will not be able to be undone. Unlike social security numbers or even a person's name; a person's biometrics are not easily changed if they can be changed at all. ( a person could change their facial biometric with plastic surgery but a person cannot change all their biometrics)

Consider that once databases and identification documents are compromised all people will be told by governments that the identification process will need to be moved from the ID document to the individual. That technology already does exist in the form of a RFID tattoo (SOMARK Innovations http://www.somarkinnovations.com/about/

Biometrics is about control and greed, not security. You can email directly at [email protected]

There are those in government whose goal is to create a 24/7 digital footprint of every citizen utilizing biometrics and RFID technology.

You cannot reconcile the creation of a surveillance society and a free society.

I have testified many times before state legislative committees and am working with members of Congress to end the forced enrollment of U.S. citizens into a single global system of identification and financial control.

Finally, consider the words of Robert Mocny, Department of Homeland Security “information sharing is appropriate around the world,” and DHS plans to create a “Global Security Envelope of internationally shared biometric data that would permanently link individuals with biometric ID, personal information held by governments and corporations.”

Mark Lerner

David Moss

6 years ago

Justice Out Of A Box (JOAB) -- a response to SANarayan

I have read a little about PDS, a very little, enough to convince me that it is a huge subject about which I am ignorant and in connection with which any contribution I try to make is most likely to be useless.
I note this comment in a recent Times of India article, 'Corruption in PDS can't be stopped' [1]:
“... [retired SC judge DP Wadhwa] feels that use of information technology is the only way to reduce corruption in the system, as human intervention was useless. He is also exploring other mechanisms to devise the best possible system for PDS.”
I know nothing about PDS but quite a lot about identity management schemes. And I would advise the judge -- probably unnecessarily, I expect he knows -- that adding an IT system doesn’t automatically bring justice, you can’t buy justice out of a box, add IT and you may just get automated corruption, much simpler for the perpetrators, although they may not thank the judge for that.
It seems that SANarayan, like the judge, believes that you can buy justice out of a box. Henceforth, I shall call him JOABNarayan.
Aadhaar is a very big system and, as such, there are many metrics needed to measure its health. “... if UID can deliver unique numbers with a defect rate of .0025% ...”, says JOABNarayan.
Oh no, you don’t. 0.0025% is the false positive identification rate (FPIR). That’s just one measure. We need to add the false negative identification rate. And the false accept rate and false reject rate. These are all mentioned in UIDAI’s proof of concept trial report [2]. We need to add the failure to enrol rate, which is not mentioned in UIDAI’s report.
Then, as noted in the moneylife article above, we need to consider how the reliability of biometrics degrades over time, which in turn requires repeated re-enrolment on the CIDR. We need to consider security. How good are the vetting procedures for enrolment agents? What is to stop someone from setting himself up as an enrolment agent, or a registrar, and creating a lot of phantom people who are entitled to real subsidy money?
I have downloaded a copy of the enrolment agent software from UIDAI’s website myself. Anyone can. How good is the password-protection system on this software? Too good for me. But India’s universities are probably teeming with super-bright students who could crack it in minutes. And incidentally, why don’t UIDAI use biometrics to authorise logging on? Don’t they believe their own publicity? Or Morpho’s?
What about the security of telecommunications between outlying agents and the CIDR at the centre? Can UIDAI prevent “man-in-the-middle” attacks?
How efficient will Aadhaar be? It may be different in India, but here in the UK, I am sorry to say, our civil servants are often incompetent [3]. Even if all the IT components of Aadhaar work, that is no guarantee that the UID scheme will work or do any good. Just because you change the system doesn’t mean that the people change.
How much will Aadhaar cost? Is it worth it? Will it make PDS work? Nothing else seems to have made PDS work, judging by my very superficial reading? Why should Aadhaar work where everything else has failed? Are people deceiving themselves, duping themselves, for the best of reasons, but nevertheless foolishly, that Aadhaar is somehow magic?
JOABNarayan is happy to accept the FPIR of 0.0025%. He shouldn’t be. At that rate, UIDAI cannot guarantee unique identification, it is a unique identification authority with no unique identification to manage, it will have no authority. Are you sure that you are happy to abandon unique identification, JOABNarayan? Do you realise what it means? There could be any number of duplicates on the CIDR. What use is it then?
Moving on to the false reject rate (FRR), what are you going to do about all the people who are told by Aadhaar that they are not themselves? Let them starve? You can reduce the FRR. But only at the expense of increasing the false accept rate (FAR). At which point, everyone could use their biometrics to prove that they are anyone [4].
And that brings me to my impoliteness. It is very rude of me to call IgnorantIndian “DSOHIndian” and to call SANarayan “JOABNarayan”. My apologies. Who am I to assign a new identity to them?
And who is UIDAI to assign a new identity to them?
Take a look at FRR and FAR. They are variable. When one is low, the other is high, and vice versa. It is up to UIDAI and its agents to set the tolerance limits. Set the FRR low, and David Moss is David Moss. Set it high, and David Moss isn’t David Moss. The identity UIDAI assign to you or me or whoever is discretionary. That is not what we normally mean by identity. Have you thought about that? What does it mean to you? Do you want UIDAI (or anyone else) to have discretionary powers over who you are? What is this peculiar new form of identity that they are dealing in?
Everything about Aadhaar has got failure written all over it. It is big and complicated, it assumes that administrators will change their nature by magic and it depends on a flaky technology with a lamentable track record.
I may know nothing about PDS but I can tell you today that Aadhaar will deliver none of the benefits everyone hopes for. A few suppliers will get richer. A lot of taxpayers will have nothing to show for their money.
What, asks JOABNarayan, is the alternative? Good question.
One alternative, out of many, is what I call “dematerialised ID” [5]. I proposed it to the UK government in 2003. They ignored it. Maybe they were right. You take a look. It depends on mobile phones, a technology which manifestly works and is here already, and on digital certificates, ditto, it works and it’s here and has been since the 1970s. And it doesn’t rely on being able to buy justice out of a box.

SANarayan

6 years ago

Lets look at the issue another way. UID is not an end in itself. Its meant to be used for a(some) purpose(s). In management there is a proposition that if you can be 80% right about a particular solution , then go ahead and do it; because there are no perfect solutions and perfect answers. Now if UID can deliver unique numbers with a defect rate of .0025%, does it really matter that UID holders are given ,say PDS rations at low rate, even if doubly given to those with repeat numbers as against current diversion of 40% of PDS supplies to the open market? Do the sceptics/perfectionists have any alternate solutions to prevent leakages of subsidies which are self regulating?

David Moss

6 years ago

Mathematicians and logicians have the luxury of dealing in certainty. Scientists don’t.

Scientists have to bring to bear all their knowledge and all their imagination to create a hypothesis which explains the known events to date and predicts future events. If those predictions prove false, then their hypothesis is disproved. That’s for sure. Otherwise, their hypothesis is vindicated for the moment, but there never comes a time when it is proved. It’s lop-sided, it’s asymmetrical, but that’s the way things are, that’s the problem of induction.

Which is why the natural position of good scientists is scepticism.

DSOHIndian says:
QUOTE
Finally I got the answer I am looking for. Throw suspicion until people can not distinguish between right and wrong.
UNQUOTE

It’s not suspicion. It’s scepticism. It is scientifically respectable to be sceptical about biometrics. The alternative is to be naïve or credulous or gullible.

It is only naïve or credulous or gullible people who can’t tell the difference between right and wrong.

The Unique Identification Authority of India is in the unique identification business. It takes raw materials – biometrics – and it creates unique electronic identities on the CIDR. Is UIDAI running its business properly? Is it checking that all those millions of electronic identities it has amassed are unique? Is UIDAI to be trusted?

Yes.

In which case it will no doubt have no trouble explaining how it ensures that each electronic identity on the CIDR is unique. It will no doubt have no trouble telling India how it has compared each set of biometrics (fingerprints + irisprints) against every other set of biometrics on the CIDR. It will no doubt have no trouble telling India how many false positives it discovered and how they resolved the problem.

If UIDAI are being scientific, if they are respectably sceptical, they will have all the procedures in place to keep testing their hypothesis that biometrics allow them to create millions of unique identities. Testing it all day, every day, as the enrolment details coming flooding in by the million from registrars all over India.

And they will, no doubt, be proud to share with India the results of their findings to date. As, indeed, they should be. After all, the Indian taxpayer is paying UIDAI quite a lot of money and they have the right and the duty to make sure the money is well-spent.

How long have we known each other? A day or so? Not long but I’m beginning to recognises IgnorantIndian’s Dry Sense Of Humour. He’s obviously not ignorant. I shall henceforth call him DSOHIndian.

Take this comment of his, for example:
QUOTE
... if you need to know accurate duplicate registrations are done so far use this link:

UIDAI is pretty good in updating fake numbers. They are in fact even creative to the extent that they prepare daily reports down to state/district/sub-district level.
UNQUOTE

For anyone who doesn’t get the joke, the whole point is that you can spend as long as you like clicking away on the UIDAI portal and you won’t find any statistics on false positives or duplicates or deduplication.

Very amusing.

Petroleum & natural gas and electricity regulators also named for keeping a total Rs2,142 crore outside government accounts

New Delhi: The top government auditor, the Comptroller and Auditor General (CAG) has rapped five regulators, including the Securities and Exchange Board of India (SEBI), the Insurance Regulatory and Development Authority (IRDA) and Petroleum & Natural Gas Regulatory Board (PNGRB), for keeping their surplus funds worth over Rs2,142 crore, collected through fee and penalties, outside government accounts.

The CAG in its report has pulled up SEBI, IRDA, Pension Fund Regulatory Development Authority (PFRDA), Central Electricity Regulatory Commission (CERC) and PNGRB for "contravention of constitutional provision".

"Scrutiny of the annual accounts of the five regulatory bodies revealed that these bodies were retaining their surplus funds generated through fee charges, unspent grants received from the government, aggregating to Rs2,142.47 crore at the end of March 2010 outside the government accounts," the CAG said.

PTI reports that this practice by the regulators is in contravention of the instructions issued by the finance ministry that all ministries and departments of the government would ensure that funds of regulatory bodies are maintained in the public account, the CAG said.

"The finance accounts of the Union government, therefore, do not present a current and complete picture of government finances to the extent of funds of Rs2,142.47 crore lying outside the government accounts," it said.

Further, the CAG report noted that the finance ministry, in December 2009 and November 2010, had said that broad guidelines relating to operationalising SEBI and IRDA funds in the public accounts have been framed and conveyed to the Controller General of Accounts for drawing up the detail accounting procedure. "However, no funds in this regard, were opened in the public accounts of the finance accounts for the year 2009-10," the report added.

The CAG audit report for the years ended March 2008 and March 2009 had also highlighted retention of funds by IRDA and SEBI outside the government accounts.

User

The price increase has been necessitated on account of steep rise in input costs, the company stated

New Delhi: Passenger car and commercial vehicles maker Tata Motors today said it will hike the prices of its passenger vehicles, excluding the Nano, by up to Rs36,000 from 1st April, to offset rising input costs, reports PTI.

"Despite continuous cost control initiatives, the company have been forced to take these increases on account of steep rise in input costs," Tata Motors said in a statement.

Following the price revision, the Indica will be costlier by Rs7,000-Rs9,000, Vista and Indigo CS by Rs8,000-Rs11,000 and Manza by Rs10,000-Rs15,000.

The Nano will, however, not be revised.

In the utility vehicles segment, depending upon the model, Sumo prices will go up by Rs13,000-Rs15,000, Grande by Rs16,000-Rs19,000, Safari by Rs18,000-Rs29,000, Aria by Rs30,000-Rs36,000 and Venture by Rs9,000-Rs12,000.